Lucene search

K
cveRedhatCVE-2012-2737
HistoryJul 22, 2012 - 5:55 p.m.

CVE-2012-2737

2012-07-2217:55:02
CWE-362
redhat
web.nvd.nist.gov
27
cve-2012-2737
accounts-daemon
accountsservice
uid
icon file
system cache directory
race condition
nvd

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0

Percentile

10.1%

The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

Affected configurations

Nvd
Node
ray_stodeaccountsserviceRange≤0.6.21
OR
ray_stodeaccountsserviceMatch0.4
OR
ray_stodeaccountsserviceMatch0.5
OR
ray_stodeaccountsserviceMatch0.6
OR
ray_stodeaccountsserviceMatch0.6.1
OR
ray_stodeaccountsserviceMatch0.6.2
OR
ray_stodeaccountsserviceMatch0.6.3
OR
ray_stodeaccountsserviceMatch0.6.4
OR
ray_stodeaccountsserviceMatch0.6.5
OR
ray_stodeaccountsserviceMatch0.6.6
OR
ray_stodeaccountsserviceMatch0.6.7
OR
ray_stodeaccountsserviceMatch0.6.8
OR
ray_stodeaccountsserviceMatch0.6.9
OR
ray_stodeaccountsserviceMatch0.6.10
OR
ray_stodeaccountsserviceMatch0.6.11
OR
ray_stodeaccountsserviceMatch0.6.12
OR
ray_stodeaccountsserviceMatch0.6.13
OR
ray_stodeaccountsserviceMatch0.6.14
OR
ray_stodeaccountsserviceMatch0.6.15
OR
ray_stodeaccountsserviceMatch0.6.16
OR
ray_stodeaccountsserviceMatch0.6.17
OR
ray_stodeaccountsserviceMatch0.6.18
OR
ray_stodeaccountsserviceMatch0.6.19
OR
ray_stodeaccountsserviceMatch0.6.20
VendorProductVersionCPE
ray_stodeaccountsservice*cpe:2.3:a:ray_stode:accountsservice:*:*:*:*:*:*:*:*
ray_stodeaccountsservice0.4cpe:2.3:a:ray_stode:accountsservice:0.4:*:*:*:*:*:*:*
ray_stodeaccountsservice0.5cpe:2.3:a:ray_stode:accountsservice:0.5:*:*:*:*:*:*:*
ray_stodeaccountsservice0.6cpe:2.3:a:ray_stode:accountsservice:0.6:*:*:*:*:*:*:*
ray_stodeaccountsservice0.6.1cpe:2.3:a:ray_stode:accountsservice:0.6.1:*:*:*:*:*:*:*
ray_stodeaccountsservice0.6.2cpe:2.3:a:ray_stode:accountsservice:0.6.2:*:*:*:*:*:*:*
ray_stodeaccountsservice0.6.3cpe:2.3:a:ray_stode:accountsservice:0.6.3:*:*:*:*:*:*:*
ray_stodeaccountsservice0.6.4cpe:2.3:a:ray_stode:accountsservice:0.6.4:*:*:*:*:*:*:*
ray_stodeaccountsservice0.6.5cpe:2.3:a:ray_stode:accountsservice:0.6.5:*:*:*:*:*:*:*
ray_stodeaccountsservice0.6.6cpe:2.3:a:ray_stode:accountsservice:0.6.6:*:*:*:*:*:*:*
Rows per page:
1-10 of 241

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0

Percentile

10.1%